Lucene search

K

1. Unity EdgeConnect, NX, VX 2. Unity Orchestrator, 3. EdgeConnect In AWS, Azure, GCP Security Vulnerabilities

osv
osv

BIT-magento-2024-34108

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but admin privileges...

9.1CVSS

7.5AI Score

0.001EPSS

2024-06-17 07:24 AM
osv
osv

BIT-magento-2024-34109

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but admin privileges...

7.2CVSS

7.5AI Score

0.001EPSS

2024-06-17 07:24 AM
osv
osv

BIT-magento-2024-34110

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution. A high-privilege attacker could exploit this vulnerability by uploading a malicious file to the...

7.2CVSS

7.3AI Score

0.001EPSS

2024-06-17 07:24 AM
osv
osv

BIT-gitlab-2024-1495

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.1 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. It was possible for an attacker to cause a denial of service using maliciously crafted...

6.5CVSS

6.3AI Score

0.0004EPSS

2024-06-17 07:24 AM
1
osv
osv

BIT-magento-2024-34111

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted request to the server, which could then cause.....

6.5CVSS

7.9AI Score

0.0005EPSS

2024-06-17 07:24 AM
openbugbounty
openbugbounty

protectlink.security-mail.net Open Redirect vulnerability OBB-3935814

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

7AI Score

2024-06-17 07:24 AM
3
osv
osv

BIT-gitlab-2024-1736

An issue has been discovered in GitLab CE/EE affecting all versions prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. A vulnerability in GitLab's CI/CD pipeline editor could allow for denial of service attacks through maliciously crafted configuration.....

6.5CVSS

6.4AI Score

0.0004EPSS

2024-06-17 07:23 AM
1
osv
osv

BIT-gitlab-2024-1963

An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.4 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. A vulnerability in GitLab's Asana integration allowed an attacker to potentially cause a regular expression denial...

6.5CVSS

6.2AI Score

0.0004EPSS

2024-06-17 07:23 AM
1
osv
osv

BIT-kibana-2024-37279

A flaw was discovered in Kibana, allowing view-only users of alerting to use the run_soon API making the alerting rule run continuously, potentially affecting the system availability if the alerting rule is running complex...

4.3CVSS

4.5AI Score

0.0004EPSS

2024-06-17 07:22 AM
2
osv
osv

BIT-hubble-2024-37307

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.0 and prior to versions 1.13.7, 1.14.12, and 1.15.6, the output of cilium-bugtool can contain sensitive data when the tool is run (with the --envoy-dump flag set) against Cilium...

7.9CVSS

7.6AI Score

0.0004EPSS

2024-06-17 07:20 AM
1
osv
osv

BIT-gitlab-2024-4201

A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 16.10.7, all versions starting from 16.11 before 16.111.4, all versions starting from 17.0 before 17.0.2. When viewing an XML file in a repository in raw mode, it can be made to render as...

4.4CVSS

4.2AI Score

0.0004EPSS

2024-06-17 07:20 AM
3
osv
osv

BIT-elk-2024-37279

A flaw was discovered in Kibana, allowing view-only users of alerting to use the run_soon API making the alerting rule run continuously, potentially affecting the system availability if the alerting rule is running complex...

4.3CVSS

4.5AI Score

0.0004EPSS

2024-06-17 07:17 AM
1
osv
osv

BIT-elasticsearch-2024-37280

A flaw was discovered in Elasticsearch, affecting document ingestion when an index template contains a dynamic field mapping of “passthrough” type. Under certain circumstances, ingesting documents in this index would cause a StackOverflow exception to be thrown and ultimately lead to a Denial of...

4.9CVSS

5AI Score

0.0004EPSS

2024-06-17 07:17 AM
3
osv
osv

BIT-cilium-2024-37307

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.0 and prior to versions 1.13.7, 1.14.12, and 1.15.6, the output of cilium-bugtool can contain sensitive data when the tool is run (with the --envoy-dump flag set) against Cilium...

7.9CVSS

7.6AI Score

0.0004EPSS

2024-06-17 07:16 AM
1
osv
osv

BIT-cilium-operator-2024-37307

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.0 and prior to versions 1.13.7, 1.14.12, and 1.15.6, the output of cilium-bugtool can contain sensitive data when the tool is run (with the --envoy-dump flag set) against Cilium...

7.9CVSS

7.6AI Score

0.0004EPSS

2024-06-17 07:16 AM
1
nvd
nvd

CVE-2024-5650

DLL Hijacking vulnerability has been found in CENTUM CAMS Log server provided by Yokogawa Electric Corporation. If an attacker is somehow able to intrude into a computer that installed affected product or access to a shared folder, by replacing the DLL file with a tampered one, it is possible to...

8.5CVSS

0.0004EPSS

2024-06-17 07:15 AM
3
cve
cve

CVE-2024-5650

DLL Hijacking vulnerability has been found in CENTUM CAMS Log server provided by Yokogawa Electric Corporation. If an attacker is somehow able to intrude into a computer that installed affected product or access to a shared folder, by replacing the DLL file with a tampered one, it is possible to...

8.5CVSS

8.7AI Score

0.0004EPSS

2024-06-17 07:15 AM
2
malwarebytes
malwarebytes

A week in security (June 10 – June 16)

Last week on Malwarebytes Labs: Truist bank confirms data breach Update now! Google Pixel vulnerability is under active exploitation Adobe clarifies Terms of Service change, says it doesn’t train AI on customer content 23andMe data breach under joint investigation in two countries When things go...

7AI Score

2024-06-17 07:03 AM
6
msrc
msrc

Mitigating SSRF Vulnerabilities Impacting Azure Machine Learning

Summary On May 9, 2024, Microsoft successfully addressed multiple vulnerabilities within the Azure Machine Learning (AML) service, which were initially discovered by security research firms Wiz and Tenable. These vulnerabilities, which included Server-Side Request Forgeries (SSRF) and a path...

7.4AI Score

2024-06-17 07:00 AM
1
openbugbounty
openbugbounty

aardvark.com.gr Cross Site Scripting vulnerability OBB-3935809

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-17 06:33 AM
4
thn
thn

Hackers Exploit Legitimate Websites to Deliver BadSpace Windows Backdoor

Legitimate-but-compromised websites are being used as a conduit to deliver a Windows backdoor dubbed BadSpace under the guise of fake browser updates. "The threat actor employs a multi-stage attack chain involving an infected website, a command-and-control (C2) server, in some cases a fake browser....

7.1AI Score

2024-06-17 06:28 AM
8
vulnrichment
vulnrichment

CVE-2024-5650

DLL Hijacking vulnerability has been found in CENTUM CAMS Log server provided by Yokogawa Electric Corporation. If an attacker is somehow able to intrude into a computer that installed affected product or access to a shared folder, by replacing the DLL file with a tampered one, it is possible to...

8.5CVSS

7.5AI Score

0.0004EPSS

2024-06-17 06:21 AM
cvelist
cvelist

CVE-2024-5650

DLL Hijacking vulnerability has been found in CENTUM CAMS Log server provided by Yokogawa Electric Corporation. If an attacker is somehow able to intrude into a computer that installed affected product or access to a shared folder, by replacing the DLL file with a tampered one, it is possible to...

8.5CVSS

0.0004EPSS

2024-06-17 06:21 AM
2
cve
cve

CVE-2024-6047

Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the...

9.8CVSS

9.8AI Score

0.001EPSS

2024-06-17 06:15 AM
5
nvd
nvd

CVE-2024-6047

Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the...

9.8CVSS

0.001EPSS

2024-06-17 06:15 AM
2
nvd
nvd

CVE-2024-4305

The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored...

0.0004EPSS

2024-06-17 06:15 AM
2
cve
cve

CVE-2024-4305

The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored...

5.6AI Score

0.0004EPSS

2024-06-17 06:15 AM
4
openbugbounty
openbugbounty

heerfashion.com Cross Site Scripting vulnerability OBB-3935807

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-17 06:09 AM
2
cvelist
cvelist

CVE-2024-4305 PostX < 4.1.0 - Contributor+ Stored XSS

The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored...

0.0004EPSS

2024-06-17 06:00 AM
1
vulnrichment
vulnrichment

CVE-2024-6047 GeoVision EOL device - OS Command Injection

Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the...

9.8CVSS

9.9AI Score

0.001EPSS

2024-06-17 05:48 AM
cvelist
cvelist

CVE-2024-6047 GeoVision EOL device - OS Command Injection

Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the...

9.8CVSS

0.001EPSS

2024-06-17 05:48 AM
2
openbugbounty
openbugbounty

mashcall.com Cross Site Scripting vulnerability OBB-3935805

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-17 05:41 AM
2
thn
thn

NiceRAT Malware Targets South Korean Users via Cracked Software

Threat actors have been observed deploying a malware called NiceRAT to co-opt infected devices into a botnet. The attacks, which target South Korean users, are designed to propagate the malware under the guise of cracked software, such as Microsoft Windows, or tools that purport to offer license...

6.9AI Score

2024-06-17 05:11 AM
13
nvd
nvd

CVE-2024-6045

Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the....

8.8CVSS

0.001EPSS

2024-06-17 04:15 AM
4
nvd
nvd

CVE-2024-6046

SECOM WRTR-304GN-304TW-UPSC V02(unsupported-when-assigned) does not properly filter user input in the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the...

9.8CVSS

0.001EPSS

2024-06-17 04:15 AM
2
cve
cve

CVE-2024-6046

SECOM WRTR-304GN-304TW-UPSC V02(unsupported-when-assigned) does not properly filter user input in the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the...

9.8CVSS

9.8AI Score

0.001EPSS

2024-06-17 04:15 AM
4
cve
cve

CVE-2024-6045

Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the....

8.8CVSS

8.4AI Score

0.001EPSS

2024-06-17 04:15 AM
21
cvelist
cvelist

CVE-2024-6046 SECOM WRTR-304GN-304TW-UPSC - OS Command Injection

SECOM WRTR-304GN-304TW-UPSC V02(unsupported-when-assigned) does not properly filter user input in the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the...

9.8CVSS

0.001EPSS

2024-06-17 03:33 AM
4
nvd
nvd

CVE-2024-6044

Certain models of D-Link wireless routers have a path traversal vulnerability. Unauthenticated attackers on the same local area network can read arbitrary system files by manipulating the...

6.5CVSS

0.001EPSS

2024-06-17 03:15 AM
5
cve
cve

CVE-2024-6044

Certain models of D-Link wireless routers have a path traversal vulnerability. Unauthenticated attackers on the same local area network can read arbitrary system files by manipulating the...

6.5CVSS

6.5AI Score

0.001EPSS

2024-06-17 03:15 AM
3
cvelist
cvelist

CVE-2024-6045 D-Link router - Hidden Backdoor

Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the....

8.8CVSS

0.001EPSS

2024-06-17 03:12 AM
6
cvelist
cvelist

CVE-2024-6044 D-Link router - Arbitrary File Reading

Certain models of D-Link wireless routers have a path traversal vulnerability. Unauthenticated attackers on the same local area network can read arbitrary system files by manipulating the...

6.5CVSS

0.001EPSS

2024-06-17 02:30 AM
2
nvd
nvd

CVE-2024-6043

A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. This affects the function login of the file admin_class.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The...

7.3CVSS

0.0004EPSS

2024-06-17 01:15 AM
2
cve
cve

CVE-2024-6043

A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. This affects the function login of the file admin_class.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The...

7.3CVSS

7.6AI Score

0.0004EPSS

2024-06-17 01:15 AM
2
cve
cve

CVE-2024-6042

A vulnerability was found in itsourcecode Real Estate Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file property-detail.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The...

7.3CVSS

6.8AI Score

0.0004EPSS

2024-06-17 12:15 AM
4
nvd
nvd

CVE-2024-6042

A vulnerability was found in itsourcecode Real Estate Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file property-detail.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The...

7.3CVSS

0.0004EPSS

2024-06-17 12:15 AM
3
osv
osv

Malicious code in airbnb-o2 (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (15a37bd4059b76c7466684dfbc565c913af0ab4af849c5a643ce44d3bb7a4a6e) The OpenSSF Package Analysis project identified 'airbnb-o2' @ 13.37.1 (npm) as malicious. It is considered malicious because: The package...

7.1AI Score

2024-06-17 12:09 AM
2
cvelist
cvelist

CVE-2024-6043 SourceCodester Best House Rental Management System admin_class.php login sql injection

A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. This affects the function login of the file admin_class.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The...

7.3CVSS

0.0004EPSS

2024-06-17 12:00 AM
2
vulnrichment
vulnrichment

CVE-2024-6043 SourceCodester Best House Rental Management System admin_class.php login sql injection

A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. This affects the function login of the file admin_class.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The...

7.3CVSS

7.5AI Score

0.0004EPSS

2024-06-17 12:00 AM
openvas
openvas

Ubuntu: Security Advisory (USN-6818-3)

The remote host is missing an update for...

7.8CVSS

8.8AI Score

0.001EPSS

2024-06-17 12:00 AM
Total number of security vulnerabilities3048564